I have a we开发者_Python百科b form for installing an application where users submit there sql credentials and server etc. I want to take that data and write it out to a config.php like:
$_MYSQL['server'] = '';
$_MYSQL['username'] = '';
$_MYSQL['password'] = '';
$_MYSQL['database'] = '';
on the fly based on what they submitted to be included in other files later. Problem is I don't want to write user submitted data out to a php file, that is obviously insecure. How can I do this safely?
http://php.net/var_export
You have to escape the user input, and store data as a serialized version or array ( serialize ) this will give You a good starting point for makeing this in a secure way
i know that question is about a creation of bare php file, but serialization will be more secure and easy to use way
cheers
Plenty of well-known pieces of software auto-generate their config files in this way. So long as you remove unwanted characters from the string, and perform proper validation on the form input, you should be just fine.
In this particular instance, a simple way to check that the MySQL credentials are safe would be to simply try connecting to the server with the details prior to writing them to the config file.
Additionally, as previously mentioned, installation scripts should be locked down anyway and only open to trusted users in the first place!
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论